路由器和路由器之間的配置代碼
Hub Router
2503#show running-config
Building configuration
Current configuration : 1466 bytes
version 122
service timestamps debug datetime msec
service timestamps log uptime
no service password-encryption
hostname 2503
ip subnet-zero
--- Configuration for IKE policies
crypto isakmp policy 10
--- Enables the IKE policy configuration (config-isakmp)
--- command mode, where you can specify the parameters that
--- are used during an IKE negotiation
hash md5
authentication pre-share
crypto isakmp key cisco123 address 200121
crypto isakmp key cisco123 address 200131
--- Specifies the preshared key "cisco123" which should
--- be identical at both peers This is a global
--- configuration mode command
--- Configuration for IPSec policies
crypto ipsec transform-set myset esp-des esp-md5-hmac
--- Enables the crypto transform configuration mode,
--- where you can specify the transform sets that are used
--- during an IPSec negotiation
crypto map mymap 10 ipsec-isakmp
--- Indicates that IKE is used to establish
--- the IPSec security association for protecting the
--- traffic specified by this crypto map entry
set peer 200121
--- Sets the IP address of the remote end
set transform-set myset
--- Configures IPSec to use the transform-set
--- "myset" defined earlier in this configuration
match address 110
--- Specifyies the traffic to be encrypted
crypto map mymap 20 ipsec-isakmp
set peer 200131
set transform-set myset
match address 120
interface Loopback0
ip address 10111 2552552550
interface Ethernet0
ip address 200111 2552552550
no ip route-cache
--- You must enable process switching for IPSec
--- to encrypt outgoing packets This command disables fast switching
no ip mroute-cache
crypto map mymap
--- Configures the interface to use the
--- crypto map "mymap" for IPSec
--- Output suppressed
ip classless
ip route 1721610 2552552550 Ethernet0
ip route 19216810 2552552550 Ethernet0
ip route 200100 25525500 Ethernet0
ip http server
access-list 110 permit ip 10110 000255 1721610 000255
access-list 110 permit ip 19216810 000255 1721610 000255
access-list 120 permit ip 10110 000255 19216810 000255
access-list 120 permit ip 1721610 000255 19216810 000255
--- This crypto ACL-permit identifies the
--- matching traffic flows to be protected via encryption
Spoke 1 Router
2509a#show running-config
Building configuration
Current configuration : 1203 bytes
version 122
service timestamps debug datetime msec
service timestamps log uptime
no service password-encryption
hostname 2509a
enable secret 5 class="main">
路由器和路由器之間的配置代碼
ip subnet-zero
no ip domain-lookup
crypto isakmp policy 10
hash md5
authentication pre-share
crypto isakmp key cisco123 address 200111
crypto ipsec transform-set myset esp-des esp-md5-hmac
crypto map mymap 10 ipsec-isakmp
set peer 200111
set transform-set myset
match address 110
interface Loopback0
ip address 1721611 2552552550
interface Ethernet0
ip address 200121 2552552550
no ip route-cache
no ip mroute-cache
crypto map mymap
--- Output suppressed
ip classless
ip route 10110 2552552550 Ethernet0
ip route 19216810 2552552550 Ethernet0
ip route 200100 25525500 Ethernet0
no ip http server
access-list 110 permit ip 1721610 000255 10110 000255
access-list 110 permit ip 1721610 000255 19216810 000255
end
2509a#
Spoke 2 Router
2509#show running-config
Building configuration
Current configuration : 1117 bytes
version 122
service timestamps debug datetime msec
service timestamps log uptime
service password-encryption
hostname 2509
ip subnet-zero
no ip domain-lookup
crypto isakmp policy 10
hash md5
authentication pre-share
crypto isakmp key cisco123 address 200111
crypto ipsec transform-set myset esp-des esp-md5-hmac
crypto map mymap 10 ipsec-isakmp
set peer 200111
set transform-set myset
match address 120
interface Loopback0
ip address 19216811 2552552550
interface Ethernet0
ip address 200131 2552552550
--- No ip route-cache
no ip mroute-cache
crypto map mymap
--- Output suppressed
ip classless
ip route 10110 2552552550 Ethernet0
ip route 1721600 25525500 Ethernet0
ip route 200100 25525500 Ethernet0
no ip http server
access-list 120 permit ip 19216810 000255 1721610 000255
access-list 120 permit ip 19216810 000255 10110 000255
end
2509#
路由器和路由器之間的配置代碼
精選文章
-
路由器測試技術方法大全
路由器需要連接兩個或多個邏輯端口,至少擁有一個物理端口。路由器根據(jù)收到的數(shù)據(jù)包中網(wǎng)絡層地址以及路由器內(nèi)部維護的路由表決定輸出端口以及下一
-
如何用終端控制臺訪問路由器
路由器是我們常用到的網(wǎng)絡設備,本文主要介紹了訪問路由器可以用終端控制臺,TTY線路,VTY線路,基于SNMP網(wǎng)管和RMON等方法,詳細的敘述請閱讀本文。 終端控
-
存儲路由器和SAN路由器知識大全
存儲路由器的主要的特點是極大地提高了容災系統(tǒng)的數(shù)據(jù)可用性,整體的可靠性和穩(wěn)定性,利用存儲路由器構建的多個SAN存儲體系互通的連接。 存儲路由器
-
路由器的作用與功能知識大全
路由器的原理與作用路由器是一種典型的網(wǎng)絡層設備。它是兩個局域網(wǎng)之間接幀傳輸數(shù)據(jù),在OSI/RM之中被稱之為中介系統(tǒng),完成網(wǎng)絡層中繼或第三層中繼的